Judge approves settlement in Sony Pictures hacking case
http://hosted.ap.org/dynamic/stories/U/US_SONY_HACK_SETTLEMENT?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2016-04-06-16-23-13

A judge on Wednesday approved a multimillion dollar settlement in a class-action lawsuit filed by former Sony Pictures Entertainment employees whose private information was stolen in a massive data breach.

The U.S. government blamed the hack on North Korea in an attempt to derail the release of the North Korean-focused comedy “The Interview.”

U.S. District Judge R. Gary Klausner approved the agreement that gives roughly 437,000 people impacted by the breach identity theft protection from the time of the 2014 hack through 2017.

Source: http://www.slate.com/articles/technology/users/2015/11/sony_employees_on_the_hack_one_year_later.single.html

Inside the Sony Hack
http://www.slate.com/articles/technology/users/2015/11/sony_employees_on_the_hack_one_year_later.single.html

What it was like to be a rank-and-file Sony employee as the unprecedented cyberattack tore the company apart.

Every morning, like so many of her colleagues, a television writer would drive from her Hollywood apartment to the Culver City, California, lot of Sony Pictures Entertainment. Greeting her at the gate most days was “this really, really nice woman who said, ‘Happy Monday! Happy Tuesday! Happy Wednesday!’ ” she says. “Like, welcome to the fake small town that you work in!”

One year ago, on Nov. 24, 2014, there was no “Happy Monday” when the screenwriter approached the Sony lot. Instead the guard told her to pull out her badge and swipe it to unlock the gate herself.

Across the lot, select company computers were playing a movie Sony hadn’t produced. I

It was signed, “Hacked by #GOP.”

Early reviews were lukewarm. “It felt like getting hacked in the early ’90s,” says one Sony employee

“The message looked like something out of Hackers, the movie. Like, You’ve been hacked, bitch! It was a throwback. Almost cute.” Nobody knew that “it was the beginning of this terrible, awful experience that would stretch on forever and ever.”

Outside Sony, it would eventually seem as if all the studio’s info had been exposed for everyone to see. But inside the studio, nobody could access anything. “Everything was so completely destroyed. It was surreal. Everything was down,” one ex-employee told me. “It wasn’t just one system or one part of the lot or one building. The network was completely chewed up by the virus.”

“It was like a bomb went off,” one staffer says. “We looked around. We were still alive. So we started doing triage.”

The telephone directory vanished. Voicemail was offline. Computers became bricks. Internet access on the lot was shuttered. The cafeteria went cash-only. Contracts—and the templates those contracts were based on—disappeared. Sony’s online database of stock footage was unsearchable. It was near impossible for Sony to communicate directly with its employees—much less ex-employees, who were also gravely affected by the hack—to inform them of what was even happening and what to do about it. “It was like moving back into an earlier time,” one employee says. The only way to reach other Sony staffers was to dial their number directly—if you could figure out what it was—or hunt them down and talk face to face.

At first, staffers were told that Sony was “working on an IT issue” and that systems should be online again soon. Instructions were relayed “like a game of telephone,” one employee says.

When workers first arrived on the lot that Monday morning, they got a message through a security guard or a colleague or a handwritten sign taped up to the wall: Don’t turn on your computer. Later, someone might pop in and deliver the latest directive fourth-hand: “Unplug your computer from the wall.“ Which plug? The network cable? The power cord? Who knows? Just unplug everything. Says one worker: “It was all the hysteria of not knowing.”

In the days after the hack, Sony set up a hotline for employees to call with questions about identity theft. It made psychological counselors available on campus. It had the FBI—whose agents were camped out on the lot for weeks, investigating the hack—host employee seminars on data security. Once email was back online, Sony sent staffers an internal memo nearly every day, most of them signed by Lynton himself. Lynton ate alone in the lot cafeteria and invited employees to come and chat. But company communications were often lacking in specifics—an “IT issue,” huh?—so workers hit their phones in search of answers, texting with colleagues, searching Twitter for the hackers’ hashtag, and passing around cellphone pictures of the spooky pink skeleton to staffers who hadn’t seen it yet. Rumors raced across the lot. Maybe it was North Korea. Or maybe it was that old PR guy who left on bad terms.

Some employees—among them lawyers, HR reps, tech and finance people—had jobs so integrated in Sony’s systems that their regular work ground to a halt. Many were instantly shifted to new duties, working to get systems back online.

“It was an Earth-shattering change,” an ex-employee says. “There was no ability to reference anything else that had happened before the hack.” One Sony contractor told me that, when he failed to receive his regular check a month after the hack, he called the company and was told: “Sorry, how much do we pay you?” Systems that got back online quickly were just a “rough draft,” a “weird middle ground,” and “built on sand,” various workers said—totally temporary and not customized to the actual work.

The giant Japanese electronics company dazzled us with its Walkman and Discman in the late 70s/early 80s, as well as with its TVs, cameras and game consoles over the years. But things took a bad turn in 2005…

Hackers really have had their way with Sony over the past year, taking down its Playstation Network last Christmas Day and creating an international incident by exposing confidential data from Sony Pictures Entertainment in response to The Interview. Some say all this is karmic payback for what’s become known as a seminal moment in malware history: Sony BMG sneaking rootkits into music CDs 10 years ago in the name of digital rights management. ‘In a sense, it was the first thing Sony did that made hackers love to hate them,’

Sony BMG Rootkit Scandal: 10 Years Later
http://www.networkworld.com/article/2998251/malware-cybercrime/sony-bmg-rootkit-scandal-10-years-later.html

Object lessons from infamous 2005 Sony BMG rootkit security/privacy incident are many — and Sony’s still paying a price for its ham-handed DRM overreach today.

Sony Pictures Entertainment (SPE) has agreed to pay up to $8m (£5.18m) to settle a lawsuit stemming from its 2014 IT security meltdown.

The movie studio will pay out damages after the personal details of 47,000 current and former employees leaked onto the internet following a network breach said to have stemmed from its decision to release the film The Interview.

Under the terms of the settlement [PDF], Sony will pay out damages of up to $2m (£1.29m) to the current and former employees whose data was stolen by hackers, as well as a fund of up to $10,000 (£6,400) per employee and up to $2.5m (£1.61m) in total for any individuals who experienced identity theft or fraud as a result of the leak. Additionally, the studio will pay out $3.5m (£2.26m) to cover attorney fees and legal costs related to the lawsuit.

Sony Cyber Attack Settlement Includes ID Theft Protection, $4.5 Mil Reimbursement Funds
http://variety.com/2015/film/news/sony-hack-class-action-settlement-id-theft-protection-1201621993/

The settlement reached by Sony Pictures Entertainment and ex-employees who sued over last year’s massive cyber attack includes additional years of identity protection services, a $2 million fund to compensate for unreimbursed expenses and up to $2.5 million for losses from ID theft.

The terms of the settlement were disclosed in a filing with U.S. District Court in Los Angeles on Monday.

Ten former Sony employees filed class action lawsuits in December and January, in cases that were eventually consolidated. In September, the studio and the ex-employees informed the court that they had reached an agreement.

The settlement also provides for the class counsel to receive $3.5 million in attorneys fees, costs and expenses.

Cloudsec Yesteryear’s hack of Sony Pictures was an act of war, stated FBI Supervisory Special Agent Timothy Wallach, who delivered the FBI’s gradation system of cybercriminals to net security conference Cloudsec on Thursday, 17 September.

US agencies have fingered the North Korean government for the Sony attack repeatedly, initially to much scorn as the nation is popularly believed to be residing in the technical dark ages.

However, the Norks role in the breach has been increasingly accepted, as information about the NSA’s role in attribution has been made public.

Presenting the act of war at one end of the spectrum, with hacktivists at the other end, FBI Supervisory Special Agent Timothy Wallach told Cloudsec about the agency’s ongoing efforts to deal with cybercrime.

Wallach made it clear the FBI distinguished hacktivists – a term he suggested covered ideological actors, including everyone from LOIC and Lizard Stresser ego-hackers, through to those defacing police websites following the shootings of young African American men – from those cybercriminals who were motivated by financial gain or espionage.

The hack of Sony pictures, he suggested, was an act of warfare, though it remains unclear how it might be considered a military act of sabotage, other than its nation-state backing.

According to Wallach, who is currently assigned to lead the Cyber Task Force in the Seattle Field Office of the FBI, reports of breaches increased by 55 per cent between 2013 and 2014.

These breaches often targeted personal identifiable information, although an increasing number went after healthcare information, which Wallach regards as a larger target.

SONY IS STILL feeling the effects of the possible North Korean hack on its film business, but is close to ending at least one part of the problem: the settlement of a lawsuit filed by some of the firm’s affected employees.

The hack on Sony stripped it of data and dignity and plunged all elements of its business into the spotlight. There are a lot of ramifications to deal with. One of these, a lawsuit raised by employees who had their data breached and posted online, could be coming to a conclusion.

The class action suit followed the assault on SPE that peeled the company like a banana and released the fruit to the masses. The firm was put under the thumb of the hackers, thought to be North Korean, and its documents were shared by outfits including WikiLeaks.

“There is no playbook for this, so you are in essence trying to look at the situation as it unfolds and make decisions without being able to refer to a lot of experiences you’ve had in the past or other people’s experiences. You’re on completely new ground.”

Inside the Sony Hack
A cyber-invasion brought Sony Pictures to its knees and terrified corporate America. The story of what really happened—and why Sony should have seen it coming. A special three-part investigation.

Part 1: Who was manning the ramparts at Sony Pictures?
http://fortune.com/sony-hack-part-1/

Part 2: The storm builds
http://fortune.com/sony-hack-part-two/